Re: [Samba] compile on solaris 64bit, static winbind
On Thu, Oct 08, 2009 at 07:13:40AM +0200, Dirk Jakobsmeier wrote: Dirk == Dirk Jakobsmeier dirk.jakobsme...@wige.com writes: Dirk Hello Eric, yes me again, because several CFLAGS where missing in Makefile like: bin/smbd: $(BINARY_PREREQS) $(SMBD_OBJ) bin/libtalloc.so bin/libtdb.so bin/libwbclient.so @echo Linking $@ @$(CC) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LDAP_LIBS) \ $(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \ $(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) Dirk $(AVAHI_LIBS) \ $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \ $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) No CFLAGS where set. So after adding them to every single line in Makefile i just added CFLAGS to LDFLAGS (they are used in every CC line). Then after copying libtalloc and libtdb manually to destination direcotry and trying smbstatus i got: ld.so.1: smbstatus: fatal: relocation error: R_AMD64_PC32: file /usr/local/samba/lib/libtalloc.so: symbol main: value 0x2800148234f does not fit This error is with all shared libraries i use when i compiled 64bit Dirk binaries. So I have to use static version of samba. Or do you have any tip how to work around this problem. The solaris 64bit installation has got both, 32bit and 64bit libraries. Perhaps this is the problem. Dirk i've found the problem after concentrating me on the Dirk relocation problem. I've found an article related on gcc and Dirk solaris ld and shared libraries. The option -G (shared libs Dirk using gcc) does not tell the solaris (/usr/ccs/bin/ld) Dirk linker to use share libraries. I have to change this options Dirk in the Makefile to -fPIC -shared and then samba compiles Dirk using shared libs. So now i will go on with my tests and Dirk will tell the list if everythink works. Dirk Thank you for opening my mind to search for the problem with Dirk the shared libraries. Another hint I can give you when you are building a 64 bit Samba is to specify the necessary CFLAGS, LDFLAGS when you run configure. Here's how I run configure when building with the gcc compiler. I create a small shell script called 'myconfigure' cat myconfigure CC='gcc' CXX=g++ \ CPPFLAGS='-D__EXTENSIONS__ -I/usr/local/include -I/usr/local/openldap/include -I/usr/local/sasl/include -I/usr/local/kerberos/include -I/usr/local/BerkeleyDB/include -I/usr/local/openssl/include' \ CFLAGS='-g -m64' \ LDFLAGS='-L/opt/corp/local/samba/lib -R/opt/corp/local/samba/lib -R\$$ORIGIN/../lib' \ ../source/configure \ --prefix=/opt/corp/local/samba \ --with-libiconv=/usr/local \ --with-readline=/usr/local \ --with-ldap \ --with-krb5=/usr/local/kerberos \ --with-ads \ --with-automount \ --with-libsmbclient \ --with-acl-support \ --with-winbind You will obviously need to adapt this for your own environment, but I think you get the idea. You can remove the -R\$$ORIGIN/../lib. I put all the shared libraries I need in the samba lib directory. That's there in case I want to run samba from another location. If you are using the Sun Studio compiler, here's a slightly different configuration of samba. The relevant changes are for CC and CFLAGS CC='cc' CXX=CC \ CFLAGS='-g -xarch=v9a' \ CC='cc' CXX=CC \ CPPFLAGS='-D__EXTENSIONS__ -I/usr/local/include' \ CFLAGS='-g -xarch=v9a' \ LDFLAGS='-L/opt/corp/local/samba/lib -R/opt/corp/local/samba/lib -L/usr/local/lib/sparcv9 -R/usr/local/lib/sparcv9 -L/usr/local/lib -R/usr/local/lib' \ ../source/configure \ --with-libiconv=/usr/local \ --with-readline=/usr/local \ --enable-debug \ --prefix=/opt/corp/local/samba One important point is that you need to make sure that the -L and -R switches are pointing to locations that have 64bit instead of 32bit libraries. Good luck. -- Eric M. Boehm /\ ASCII Ribbon Campaign bo...@nortel.com \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compile on solaris 64bit, static winbind
On Wed, Oct 07, 2009 at 03:10:16PM +0200, Dirk Jakobsmeier wrote: Dirk == Dirk Jakobsmeier dirk.jakobsme...@wige.com writes: Dirk Hello, i got many problems in compiling a working samba to Dirk use in our environment. Dirk - solaris 10 on amd64 sun hardware Dirk - version above 3.3.0 because of one of our applications Dirk - samba as memeber server in active directory because of Dirk usermanagement on Dirk windows 2003 Dirk - 64-bit samba because of many many open files Dirk - static libraries because of relocation error: R_AMD64_PC32 Dirk with shared ones Dirk (espacially libwbinfo.so) Dirk - non compiling static libwbclient because of Dirk shared-libraries-disabled not Dirk found (SHLD=shared-libraries-disabled in Makefile) Dirk - found comment about different handling on libwbclient Dirk (samba distribution) Dirk and libtalloc (system os) Dirk result is a nearly perfect working environment (even net Dirk join ads -w DOMAIN -U Administrator) but non working Dirk winbindd so no passwords from AD Dirk Could anyone give us a hint to make this working, because Dirk after some weeks of testing and searching via internet my Dirk brain got absolutely blank. I haven't had any problem building Samba 64-bit for Solaris Sparc. It might be helpful to see the output from make or from running the binary to see what is going wrong. It's often the case that you need to sed LD_LIBRARY_PATH or LD_RUN_PATH or otherwise specify where executables can find the shared libraries. -- Eric M. Boehm /\ ASCII Ribbon Campaign bo...@nortel.com \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Confusing behavior of hosts allow/hosts deny in Samba 3.0.28/3.2.4
On Wed, Nov 05, 2008 at 10:58:43PM -0800, Jeremy Allison wrote: Jeremy == Jeremy Allison [EMAIL PROTECTED] writes: Mike == Mike Gallamore [EMAIL PROTECTED] writes: Eric Example 4: allow only hosts in NIS netgroup foonet, but deny Eric access from one particular host Eric hosts allow = @foonet Eric hosts deny = pirate Eric This doesn't mention that every host but pirate will have Eric access, not just those in @foonet. Eric I see this as a bug but I wonder if I am missing something. Jeremy I agree it's counter intuitive, but it does match the man Jeremy pages for hosts.allow and hosts.deny, which the original Jeremy code was based on. [excerpt from host_access manpages deleted] JeremyA non-existing access control file is treated as if Jeremy it were an empty file. Thus, access control Jeremy can be turned off by providing no access control files. Jeremy So having a hosts allow but no hosts deny means the Jeremy hosts deny is treated as an empty file (default deny I Jeremy think). Once you define a hosts deny then the default Jeremy changes to allow, if you only want to restrict access to Jeremy a specific hosts list then don't define a hosts deny, Jeremy just a hosts allow. I guess the issue is you really Jeremy don't need to have both defined (maybe we should log a Jeremy warning in this case that the results may not be what you Jeremy would expect). In a later message: Mike I think something like a sudoers file would make since, ie Mike no one gets access unless they are on the list. Suggestion: Mike Perhaps host allow should be the only option. If access Mike controls are enabled, people only get access if the host Mike allow field is defined and if their name is on the list. Jeremy Trouble is that would break existing setups. Nope, best Jeremy thing we can do is add a warning (IMHO). I agree that changing behavior of hosts deny and host access would break too many existing setups. However, I would like to suggest the following: 1. Eliminate or correct Example 4 from the documentation. Perhaps add an example using EXCEPT. That's what I determined I needed because I wanted to exclude hosts that were in the 'hosts allow' netgroup I think what Example 4 should be Example 4: allow only hosts in NIS netgroup foonet, but deny access from one particular host hosts allow = @foonet EXCEPT pirate 2. Add a warning or note that defining both 'hosts allow' and 'hosts deny' will lead to allowing everyone not in 'hosts deny'. That is, more hosts than those in 'hosts allow' will be allowed. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Confusing behavior of hosts allow/hosts deny in Samba 3.0.28/3.2.4
I saw some unexpected behavior in the interaction of hosts allow and hosts deny on Samba 3.0.28. I built Samba 3.2.4 just to be sure it wasn't something that had been fixed. I saw the same behavior. I'm not sure if it is a bug or a failure on my part to understand the documentation or misleading documentation. If I have a share defined as [export] comment = exported storage path= /export # admin users = boehm hosts allow = boehm-1 hosts deny = boehm-3 oplocks = no level2 oplocks = no guest ok= no create mask = 0775 directory mask = 0775 map archive = no writeable = yes Then host boehm-1 has access and boehm-3 is denied access. The odd part is that every other host now has access as well (e.g., boehm-2) Now, if I had only hosts allow and no hosts deny, only host boehm-1 would have access. hosts allow= boehm-1 # hosts deny = boehm-3 The confusing part, to me, was that adding hosts deny for a single host suddenly opened up the share to every host that wasn't in hosts deny, regardless as to whether they were in hosts allow. The man page for smb.conf has an example for both hosts allows and hosts deny Example 4: allow only hosts in NIS netgroup foonet, but deny access from one particular host hosts allow = @foonet hosts deny = pirate Note Note that access still requires suitable user-level passwords. See testparm(1) for a way of testing your host access to see if it does what you expect. This doesn't mention that every host but pirate will have access, not just those in @foonet. I see this as a bug but I wonder if I am missing something. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Eficient method to run [net time \\server] on logon script with winxp+domain ?
On Tue, Oct 14, 2008 at 01:00:59PM -0600, Jeff Ross wrote: Jeff == Jeff Ross [EMAIL PROTECTED] writes: f Bruno La Torre wrote: hamacker ha scritto: I can not find any element inside gpedit to change that. Do you know, what element I can change that ? hamacker ha scritto: Any eficient method to run [net time \\server] on logon script with winxp+domain ? configuration computer windows settings protection settings local settings set right user set change time sorry for my traslation. This might be slightly off topic but is there some reason you don't use NTP instead. More accurate, less overhead, less maintenance. You could set up the Samba server(s) as NTP time servers for your local subnet and run net time /setsntp:ntp server list just once and you would be good to go. You wouldn't need to worry about time after that. Jeff By co-incidence I've just been looking into this myself. Jeff I found this article most helpful: Jeff http://blogs.msdn.com/aaron_margosis/archive/2005/02/11/371474.aspx Jeff If I use INTERACTIVE as suggested, my netlogon script is Jeff able to sync the time to the samba server. Non-privledged Jeff users are not able to set the time at the toolbar clock, Jeff though. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] static libgcc issue on solaris 8
On Mon, Sep 29, 2008 at 09:40:04AM +0200, [EMAIL PROTECTED] wrote: Vincent == [EMAIL PROTECTED] writes: Vincent Hello all, Vincent little question. Has somebody already compiled samba on Vincent SunOS 5.8 because I cannot statically link libgcc Vincent libraries. Vincent I already tried gcc -static-libgcc, added -lgcc_s to Vincent LIBS variable but always the same result. Vincent Below resulted compiled binary .. Vincent # ldd bin/ntlm_auth Vincent libthread.so.1 =/usr/lib/libthread.so.1 Vincent libsendfile.so.1 = /usr/lib/libsendfile.so.1 Vincent libresolv.so.2 =/usr/lib/libresolv.so.2 Vincent libnsl.so.1 = /usr/lib/libnsl.so.1 Vincent libsocket.so.1 =/usr/lib/libsocket.so.1 Vincent libdl.so.1 =/usr/lib/libdl.so.1 Vincent libiconv.so.2 = /usr/local/lib/libiconv.so.2 Vincent libgssapi_krb5.so.2 = /usr/local/lib/libgssapi_krb5.so.2 Vincent libkrb5.so.3 = /usr/local/lib/libkrb5.so.3 Vincent libk5crypto.so.3 = /usr/local/lib/libk5crypto.so.3 Vincent libcom_err.so.3 = /usr/local/lib/libcom_err.so.3 Vincent libldap-2.3.so.0 = /usr/local/lib/libldap-2.3.so.0 Vincent liblber-2.3.so.0 = /usr/local/lib/liblber-2.3.so.0 Vincent libc.so.1 = /usr/lib/libc.so.1 Vincent libmp.so.2 =/usr/lib/libmp.so.2 Vincent libgcc_s.so.1 = /usr/local/lib/libgcc_s.so.1 Vincent libkrb5support.so.0 = /usr/local/lib/libkrb5support.so.0 Vincent libgen.so.1 = /usr/lib/libgen.so.1 Vincent libsasl2.so.2 = /usr/local/lib/libsasl2.so.2 Vincent libssl.so.0.9.8 = /usr/local/lib/libssl.so.0.9.8 Vincent libcrypto.so.0.9.8 =/usr/local/lib/libcrypto.so.0.9.8 Vincent /usr/platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1 Vincent Is there something special with SunOs that I should know Vincent to make my compilation work successfully ?? Vincent Can somebody help me because I absolutely need these Vincent binaries statically linked with libgcc libraries ? Why do you 'absolutely need' the binaries statically linked? That is strongly discouraged for Solaris. I think your best option is to use the -R switch when linking so that it includes /usr/local/lib (-R/usr/local/lib) If the libgcc libraries aren't in /usr/local/lib on whichever machines you are running samba on, then put copies of the library in the Samba lib directory and use -R/usr/local/samba/lib or -R/your/path/to/samba/lib That's what I due for the kerberos, ldap, ssl, sasl libraries. It does make the samba install bigger but I don't have to worry about all of these packages being installed on the system where I want to run Samba. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a maximum number of shares samba can serve?
On Thu, Mar 13, 2008 at 06:40:49PM +0100, Volker Lendecke wrote: Volker == Volker Lendecke [EMAIL PROTECTED] writes: Volker On Thu, Mar 13, 2008 at 03:03:24PM +0100, Marcello Romani Volker wrote: I am being asked to determine the feasibility of serving hundreds (300-400) of directories as individual shares instead of sharing a single parent directory. Volker There is no limit in the number of shares Samba can serve. Volker If you list them all in smb.conf, you will however see Volker increased memory usage, because all share definitions are Volker loaded individually in all smbd processes. A single share Volker definition takes around 3k (we're working on reducing Volker that). So multiply the number of shares defined with the Volker number of concurrent clients and you might see some memory Volker footprint. Thanks, but I don't think it is going to meet my needs. I see no way to define 'hosts allow' or 'valid users' for a user share. I know I could use a template but that wouldn't allow me to change it for different shares. It was a little tricky defining the shares. Apparently, you can't define an ACL without a comment and defining the ACL didn't work as I expected. net usershare add archive /localdisk/software/archive test 'AMERICASE\boehm:F,AMERICASE\julieb:R' net usershare info [archive] path=/localdisk/software/archive comment=test usershare_acl=Unix User\boehm:F,Unix User\julieb:R guest_ok=n I wasn't expecting 'Unix User\boehm'. Looking at net_usershare.c, it looks like I am expected to provide an SID for the user. I don't normally run winbindd. I guess I will just have to live with the overhead. What would happen if I created the usershare data file manually instead of using the 'net usershare add' command? For example, adding 'hosts allow' or 'valid users' to the file created by the 'net usershare add' command? Volker So if you want to go REALLY large, in the order of Volker thousands, you might want to look at the user shares. If Volker the configuration options you can set in the user shares Volker are sufficient for your needs, then these are much more Volker memory-efficient because the definitions are only loaded Volker in smbd on demand. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Is there a maximum number of shares samba can serve?
I am being asked to determine the feasibility of serving hundreds (300-400) of directories as individual shares instead of sharing a single parent directory. Personally, I don't think this is a good idea. Clients will go from having a single connection to a single share to 50-300 connections to multiple shares. That can't be good for performance or load. I've searched the mailing list, the web, the documentation, the wiki and the source code. I haven't been able to determine the maximum, if any. Of course, I may have missed it. Feel free to point me to the correct documentation or source file. I've seen some references that you can't have either more than 145 or 165 shares per samba server. However, if there is anyone running such a large number of shares and has advice, I am happy to listen. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a maximum number of shares samba can serve?
On Thu, Mar 13, 2008 at 03:03:24PM +0100, Marcello Romani wrote: Marcello == Marcello Romani [EMAIL PROTECTED] writes: Marcello Eric Boehm ha scritto: I am being asked to determine the feasibility of serving hundreds (300-400) of directories as individual shares instead of sharing a single parent directory. Marcello Hi, I found some docs about this smb.conf parameter: Marcello usershare max shares Marcello which specifies the maximum number of shares that the Marcello samba admin will allow non-root users to create via the Marcello command Marcello net usershare add Marcello ( read for example Marcello http://us1.samba.org/samba/docs/man/manpages-3/net.8.html Marcello ) Yes, I saw that but it wasn't much comfort. We don't have users creating shares in our environment but I understand your reasoning. I have a suspicion that the limit was set to a large value on the premise it would be unlikely that users would ever create that many shares. Marcello The example value given in the docs for the usershare Marcello max shares parameter is 100, which makes me think that a Marcello samba server should cope with a number of shares in the Marcello hundreds. Marcello I know it's not much, but I HTH nonetheless. My primary concern is the the number of clients connections would increase dramatically. If I have 50 clients with one connection (one share) now, that's 50 connections. This could increase to 300*50 connections. Granted, not every client will be active on every share at the same time but I could easily see that I could go from 1 to 10 connections per client. I am interested in knowing or at least estimating how Samba might perform under these conditions. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a maximum number of shares samba can serve?
On Thu, Mar 13, 2008 at 10:56:47AM -0400, Charles Marcus wrote: Charles == Charles Marcus [EMAIL PROTECTED] writes: Charles On 3/13/2008, Eric Boehm ([EMAIL PROTECTED]) wrote: If I have 50 clients with one connection (one share) now, that's 50 connections. This could increase to 300*50 connections. Granted, not every client will be active on every share at the same time but I could easily see that I could go from 1 to 10 connections per client. I am interested in knowing or at least estimating how Samba might perform under these conditions. Charles It might be better if you define the problem and/or goal Charles first... Charles *Why* dod you need 300+ shares? Maybe there's a better Charles way to do it? For example, you could define one (or a Charles few) shares, then using a combination of permissions and Charles the 'hide unreadable' setting, users will only see the Charles folders that they have access rights to... We currently use Samba as an Interop environment for IBM/Rational ClearCase. The desire is control access to each ClearCase VOB individually. There are anywhere from 100-400 VOBs on each server. Normal UNIX permissions of owner, group and world are insufficient. In addition, there is a need to restrict access by hostname as well as user. I don't think permissions and hide unreadable will help with access by hostname. We have a concurrent problem with restricting NFS access relating to how large the export file can be and how many NFS mounts a client can make. It is likely that we will have to back off to the level of filesystems or higher in the directory tree. For example, we have /export/vobstore/disk1/proj1/VOBa /export/vobstore/disk1/proj1/VOBb /export/vobstore/disk1/proj2/VOBc /export/vobstore/disk1/proj1/VOBd /export/vobstore/disk2/proj2/VOBe /export/vobstore/disk2/proj1/VOBf /export/vobstore/disk3/proj2/VOBg /export/vobstore/disk3/proj1/VOBh The current method is to define the share [export] path = /export One proposal is to use [VOBa] path = /export/vobstore/disk1/proj1/VOBa [VOBb] path = /export/vobstore/disk1/proj1/VOBb etc. This is not going to work for NFS so we may back off to [disk1] path = /export/vobstore/disk1 [disk2] path = /export/vobstore/disk2 etc. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.26a generating 'Failed to parse RR/answer record'
I upgraded from Samba-3.0.20a to Samba-3.0.26a. I am now seeing in my logs resolve_ads: Attempting to resolve DC's for CORP.NORTEL.COM using DNS [2007/10/30 09:03:35, 4, pid=1482] ../source/libads/dns.c:ads_dns_lookup_srv(356 ) ads_dns_lookup_srv: 22 records returned in the answer section. [2007/10/30 09:03:35, 1, pid=1482] ../source/libads/dns.c:ads_dns_parse_rr_srv(1 76) ads_dns_parse_rr_srv: Failed to parse RR record [2007/10/30 09:03:35, 1, pid=1482] ../source/libads/dns.c:ads_dns_lookup_srv(387 ) ads_dns_lookup_srv: Failed to parse answer record! [2007/10/30 09:03:35, 8, pid=1482] ../source/libsmb/namequery.c:get_dc_list(1505 ) Increasing debugging level to 10 didn't shed any light. I did build 3.0.20a about 2 years ago using different versions of SSL, SASL, LDAP, MIT Kerberos. Any suggestions how to track down the real problem or should I submit this through bugzilla.samba.org? -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Write access to one user and Read-Only for anyother
On Wed, Jun 20, 2007 at 11:53:59AM -0300, Maginot Junior wrote: Maginot == Maginot Junior [EMAIL PROTECTED] writes: Maginot the problem is if I set the write list or valid users Im Maginot only giving the permission to those in the list... and Maginot the big problem is how to set all other users to be in Maginot the read list ... I dont have group with all inside and Maginot are not going to be any... I tryed with something like [memos] path = /home/memos write list = foouser read list = !foouser No, you should use [memos] path = /home/memos read only = yes write list = foouser This will make it read only except for anyone in the write list. From man smb.conf write list (S) This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. The list can include group names using the @group syntax. Note that if a user is in both the read list and the write list then they will be given write access. This parameter will not work with the security = share in Samba 3.0. This is by design. Note the first paragraph -- If the connecting user is in this list then they will be given write access, no matter what the read only options is set to. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Write access to one user and Read-Only for anyother
On Wed, Jun 20, 2007 at 12:37:09PM -0300, Maginot Junior wrote: Maginot == Maginot Junior [EMAIL PROTECTED] writes: Maginot Hmm now its workin... BUT one more thing, and if I dont Maginot want to be prompted for an user name ? What I want to do Maginot is map the share with the foouser login and username info Maginot and all other who try to view the share could do it at Maginot the most transparent way, with no question for user and Maginot password... is that possible? We would need to see you whole smb.conf. I'm not following what you are trying to do. If you map the share to foouser login, then everyone will have access. Perhaps you could give more concrete examples of what it is you are seeing and what you are trying to do,. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ClearCase Interop problem with recent Samba versions
On Wed, Feb 14, 2007 at 06:03:47PM +0100, Volker Lendecke wrote: Volker == Volker Lendecke [EMAIL PROTECTED] writes: Volker On Wed, Feb 14, 2007 at 11:54:25AM +0100, Masopust, Volker Christian wrote: attached you'll find the level 10 logs and snoop output as i don't have tcpdump installed on this sun-server (if needed i could). Volker Try to set Volker host msdfs = no Volker msdfs root = no Volker in the [global] section. I see from the release notes for 3.0.23 that the defaults for these two settings were changed to yes. Does this have implications for uses other than ClearCase? Why did it affect ClearCase? -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Second SAMBA Server different NETBIOS alias and shares for ClearCase
On Wed, Jun 21, 2006 at 11:51:10AM -0400, Gary Dale wrote: Gary == Gary Dale [EMAIL PROTECTED] writes: Gary That sounds like a fairly typical use of Samba. The easiest Gary way to do this is to use the SWAT wizard to make the server Gary a member server. Being a member server means that domain Gary authentication is handled by a domain controller, not by the Gary member server. I doubt that Raymond/Patrick will be successful in speeding up ClearCase builds. I've had extensive experience with Samba and Clearcase. Are you serving VOBs or VIEWs via Samba? VOBs shouldn't be an issue although LDAP authentication might be a problem. We usually pass the authentication to the domain controller (security = DOMAIN) If you are serving dynamic VIEWs, forget it. Builds will always be extremely slow. I've seen this problem with SAMBA and NAS using CIFS. You are better off using local storage or accepting the slowness. Gary Kdeiss, Raymond E. wrote: We might not have been clear in our question. I will try to explain what we are trying to do. We have a SAMBA Server (Solaris) utilizing an LDAP backend for user authentication. The Samba server serves PCs for authentication and it serves Samba filesystem shares. We want to be able to create a second samba server (Solaris) that can be a member of the domain and also serves shares to PCs and only serves shares to PC. The second SAMBA server does not need to be responsible for PC logging / Authentication. Is that possible and have can I make that second UNIX server a member of the domain? Thanks Raymond Kdeiss -Original Message- From: Gary Dale [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 31, 2006 4:20 PM To: Hoferer, Patrick K. Cc: samba@lists.samba.org; Bailey, Alonza; Kdeiss, Raymond E. Subject: Re: [Samba] Second SAMBA Server different NETBIOS alias and shares for ClearCase Hoferer, Patrick K. wrote: I have a SAMBA Server utilizing an LDAP backend for user authentication and it works great unless I use ClearCase. When ClearCase is used the compilation time for our code is slowed down to a crawl and the ClearCase application is rendered nearly useless. As a test fix my boss wants me to create a second SAMBA server to be used for only the ClearCase server. I don't know if this will work, but I may be able to accomplish my task if I set the os level lower than my primary SAMBA server set the SID to the same as my existing server. I then change the netbios alias to clearcase. I'll then add my views and vobs through either NFS or SANS client to the ClearCase SAMBA server. This way if a workstation using ClearCase needs to use the \\clearcase\views share it will utilize the ClearCase SAMBA server not the primary server. All authentication should remain through my LDAP server since I did not change the SIDs for my server or user accounts. If this plan sound feasible please let me know. If it sounds like I may break my existing architecture let me know. If you have better suggestions I am looking for any help. Thank you for your time, Patrick Hoferer I don't think you're being very clear. In Windows terms, you log into a domain, not a server. It sounds like you want to maintain the same authentication but split an application off onto a different server to improve performance. However, it's not clear if you want to use Samba or NFS to share the files. I'm going to assume that the new server will be providing file services through Samba. If you want the ClearCase server to use the same authentication, just make it a member server in your existing domain. Stop the ClearCase Samba shares on the old server and start them on the new one. Gary -- To unsubscribe from this list go to the following URL and Gary read the instructions: Gary https://lists.samba.org/mailman/listinfo/samba -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS on Solaris
On Thu, May 11, 2006 at 10:54:00AM -0700, Harris, Jason (DIS) wrote: Jason == Harris, Jason \(DIS\) Harris writes: Jason Hi all, I see that the premade binaries for Samba on Jason Solaris, even recent versions, have ADS support not Jason compiled in. I see more ad domains than nt4 domains these Jason days, so I am going to compile it myself with ads on. I Jason want to ask the experienced if there are any gotchas with Jason ads Samba on Solaris, or something about Solaris that makes Jason ads Samba support difficult. Thanks ADS support is non-trivial. There are so many additional packages and libraries needed. You would have to provide distributions of kerberos, SSL, ldap, iconv, sasl, readline, etc. I had to play games with the linker and specify the RUN_PATH to the libraries as being the samba lib directory. Here's what ldd on smbd looks like -- pay attention to /opt/corp/local/samba/lib/... You could try statically linking but I'm not sure that would work. I don't think you want to go there. libthread.so.1 =/usr/lib/64/libthread.so.1 libldap.so.2 = /opt/corp/local/samba/lib/libldap.so.2 liblber.so.2 = /opt/corp/local/samba/lib/liblber.so.2 libgssapi_krb5.so.2 = /opt/corp/local/samba/lib/libgssapi_krb5.so.2 libkrb5.so.3 = /opt/corp/local/samba/lib/libkrb5.so.3 libk5crypto.so.3 = /opt/corp/local/samba/lib/libk5crypto.so.3 libkrb5support.so.0 = /opt/corp/local/samba/lib/libkrb5support.so.0 libcom_err.so.3 = /opt/corp/local/samba/lib/libcom_err.so.3 libresolv.so.2 =/usr/lib/64/libresolv.so.2 libsocket.so.1 =/usr/lib/64/libsocket.so.1 libnsl.so.1 = /usr/lib/64/libnsl.so.1 libsendfile.so.1 = /usr/lib/64/libsendfile.so.1 libsec.so.1 = /usr/lib/64/libsec.so.1 libgen.so.1 = /usr/lib/64/libgen.so.1 libdl.so.1 =/usr/lib/64/libdl.so.1 libiconv.so.2 = /opt/corp/local/samba/lib/libiconv.so.2 libc.so.1 = /usr/lib/64/libc.so.1 libsasl2.so.2 = /opt/corp/local/samba/lib/libsasl2.so.2 libdb-4.3.so = /opt/corp/local/samba/lib/libdb-4.3.so libkrb4.so.2 = /opt/corp/local/samba/lib/libkrb4.so.2 libdes425.so.3 =/opt/corp/local/samba/lib/libdes425.so.3 libssl.so.0.9.8 = /opt/corp/local/samba/lib/libssl.so.0.9.8 libcrypto.so.0.9.8 =/opt/corp/local/samba/lib/libcrypto.so.0.9.8 libmp.so.2 =/usr/lib/64/libmp.so.2 librt.so.1 =/usr/lib/64/librt.so.1 libaio.so.1 = /usr/lib/64/libaio.so.1 /usr/platform/SUNW,Sun-Blade-1500/lib/sparcv9/libc_psr.so.1 -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Too many open files, Bug 3342
On Sat, Feb 04, 2006 at 04:31:50PM -0800, David Highley wrote: David == David Highley [EMAIL PROTECTED] writes: David We submitted bug 3342 on Dec. 20th, Too many open files. It David has not moved from the new state. So lets try here. David We have Dell Quad Xeon server that we end up rebooting David about every 2-3 weeks when the number of open samba files David sky rockets. The system is a ClearCase server system. We David have been monitoring this system for a few months now and David are not able to pin down a cause to this issue. The system David keeps a pretty constant number of samba open files until David what ever triggers the issue and then the number of file David opens climbs at a steep exponential rate. David RedHat Advanced Server 3 update 3 Linux quinault David 2.4.21-27.0.2.ELsmp #1 SMP Wed Jan 12 23:35:44 EST 2005 David i686 i686 i386 GNU/Linux Samba version=3.0.6-2E I see you are using Samba 3.0.6. There were a lot of bug fixes after that release. I would start with version 3.0.14a. I've been using that version with ClearCase (although with Solaris 8). I would not use 3.0.20anything or even the latest 3.0.21b. It might be useful to see your smb.conf as well as your client MVFS settings. However, ClearCase is not within the scope of this mailing list. David Clients for the most part are Windows XP and Windows 2003 David Enterprise servers. David Still looking clues as to what might be a cause for this David behavior. Our systems people have monitored everything they David can think of to see if we can find a correlation but so far David nothing has turned up. David It is a large, 200+ development environment with NFS and David NAS CX400, storage units on the servers. It is a heavy file David access, large builds parallel builds on multiple David architectures. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Too many open files, Bug 3342
On Mon, Feb 06, 2006 at 08:39:34AM -0800, David Highley wrote: David == David Highley [EMAIL PROTECTED] writes: David RedHat Advanced Server 3 update 3 Linux quinault David 2.4.21-27.0.2.ELsmp #1 SMP Wed Jan 12 23:35:44 EST 2005 David i686 i686 i386 GNU/Linux Samba version=3.0.6-2E Eric I see you are using Samba 3.0.6. There were a lot of bug Eric fixes after that release. I would start with version Eric 3.0.14a. I've been using that version with ClearCase Eric (although with Solaris 8). Eric I would not use 3.0.20anything or even the latest 3.0.21b. Eric It might be useful to see your smb.conf as well as your Eric client MVFS settings. However, ClearCase is not within the Eric scope of this mailing list. It might be helpful to see how you've defined the share. Here's a template that I've recommended for ClearCase. # # Duplicate the following block for each share you wish to # define. ClearCase related storage areas must have oplocks = no. For # other applications, you may wish to set oplocks = yes. # [share-name] comment = your-comment-here path= path-to-storage # admin users = # hosts allow = @netgroup, host, ip_address # valid users = @netgroup, userid create mask = 0775 directory mask = 0775 # If guest ok = yes, then anyone will be able to connect # without authentication. If that is the desired configuration, # you may want to make the share read-only (i.e., writeable = no) guest ok= no map archive = no oplocks = no writeable = yes David We have tuned the client MVFS setting down to 200 for David Maximum number of mnodes to kee on the VOB free list and David Maximum number of mnodes to keep for cleartext free list. You might be surprised but these limits are not always observed. I have seen clients open more than 200 files even when MVFS settings are tuned down. Is any of this Java code? That's where I've seen this problem occur (exceeding the mnodes setting). FWIW, we don't tune down MVFS. We have the scaling factor set to 4 and let mnodes be 4500 (VOB free) and 1800 (cleartext free). We've been running this way for years at multiple locations around the globe. We have anywhere from 20-600+ clients at a location. David Were not looking for ClearCase support, we believe that David this issue maybe a symptom of some other issue but so far David we have not been able to make the connection. Because of David our operating environment, security, it is very hard to David make changes to platform configurations. I understand your constraints but given that your environment is having problems, isn't that enough to warrant upgrading? I've looked at the release notes since 3.0.6 and there are lots of fixes for memory leaks and problems in the code that handles files. I think 3.0.14a is your next best bet. 3.0.6 is about 1.5 years old. I would also expect that the Samba team isn't going to be interested in pursuing the bug unless you can reproduce it against the latest version (3.0.21b). Your security setting might be influencing the number of open connections you have (not necessarily the number of file opens). Do you have 'security = domain' or 'security = server' in your smb.conf? David What information might be available about the samba David connections that might lead us to determine what triggers David this event? You might look at the Samba client logs for any strange error messages. Does the problem occur at a predictable time -- such as after a large build? or a particular build? You said that you were using NAS. If that's the case, why aren't you using CIFS through the NAS? You might not even need Samba. Lastly, what are /proc/sys/fs/file-max /proc/sys/fs/file-nr set to? -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Username.map works in 2.2.8a, doesn't work in 3.0.14a - SOLVED
On Wed, Aug 24, 2005 at 03:26:23PM -0400, Boehm, Eric [GWRTP:CM21:EXCH] wrote: Eric == Boehm, Eric [GWRTP:CM21:EXCH] Boehm writes: Eric I'm a bit puzzled. I am able to map an account without any Eric problem on Samba 2.2.8a (security=domain). However, access Eric fails with Samba 3.0.14a when everything else is the same Eric (same configuration files). Eric Any advice as to the cause of the problems (and its Eric solution) would be appreciated. I'll follow up and answer my own question. The problem is that I didn't understand the Release notes for 3.0.8 == Change in Username Map == Previous Samba releases would only support reading the fully qualified username (e.g. DOMAIN\user) from the username map when performing a kerberos login from a client. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent behavior sometimes even on the same server. Samba 3.0.8 obeys the following rules when applying the username map functionality: * When performing local authentication, the username map is applied to the login name before attempting to authenticate the connection. * When relying upon a external domain controller for validating authentication requests, smbd will apply the username map to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated. Previously, I had used unix_user = windows_user After reading the notes above, I tried DOMAIN\unix_user = windows_user I should have used (and this did work) unix_user = DOMAIN\windows_user -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple instances of samba
On Fri, Aug 26, 2005 at 07:50:31AM -0500, Ed Curtis wrote: Ed == Ed Curtis [EMAIL PROTECTED] writes: Ed I found instructions on how to start 2 instances of samba Ed binding each instance to an individual ip address or interface Ed on the server but it will only start the first insatnce I try. Ed /usr/sbin/smbd -s /etc/samba/smb.conf.DOMAIN1 Ed /usr/sbin/nmbd -s /etc/samba/smb.conf.DOMAIN1 Ed /usr/sbin/smbd -s /etc/samba/smb.conf.DOMAIN2 Ed /usr/sbin/nmbd -s /etc/samba/smb.conf.DOMAIN2 Ed Only the DOMAIN1 will start. I get no errors when running the Ed commands to start the second instance but it's not running. Ed Any ideas? You have to make sure that you include the following: smb.conf.DOMAIN1 bind interfaces only = yes interfaces = 127.0.0.1, ip for interface 1/netmask smb.conf.DOMAIN2 bind interfaces only = yes interfaces = ip for interface 2/netmask E.g., smb.conf.DOMAIN1 bind interfaces only = yes interfaces = 127.0.0.1, 192.168.1.2/24 smb.conf.DOMAIN2 bind interfaces only = yes interfaces = 192.168.2.1/24 It doesn't matter which of the two has the loopback address, 127.0.0.1, so long as only *ONE* of them has it. In addition, you will probably want to assign a netbios name = hostname with the appropriate hostname to each config file and insert the hostname (as appropriate) into the lock directory = /usr/local/samba/var/hostname/locks and, lastly, the log file path log file = /usr/local/samba/var/hostname/log.%m -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Username.map works in 2.2.8a, doesn't work in 3.0.14a
I'm a bit puzzled. I am able to map an account without any problem on Samba 2.2.8a (security=domain). However, access fails with Samba 3.0.14a when everything else is the same (same configuration files). Any advice as to the cause of the problems (and its solution) would be appreciated. From 2.2.8a logs [2005/08/24 14:59:51, 3, pid=7767] smbd/reply.c:(880) Domain=[americase] NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] [2005/08/24 14:59:51, 3, pid=7767] smbd/reply.c:(890) sesssetupX:name=[pnmadm09] [2005/08/24 14:59:51, 3, pid=7767] lib/username.c:(168) Mapped user pnmadm09 to pnmadm [2005/08/24 14:59:51, 3, pid=7767] libsmb/namequery.c:(769) resolve_lmhosts: Attempting lmhosts lookup for name ZRTPD0PP0x20 [2005/08/24 14:59:51, 3, pid=7767] lib/util_sock.c:(845) Connecting to 47.140.205.113 at port 445 [2005/08/24 14:59:52, 3, pid=7767] smbd/password.c:(340) User name: pnmadm Real name: PNM Admin,PSD17792 [2005/08/24 14:59:52, 3, pid=7767] smbd/password.c:(736) authorise_login: ACCEPTED: validated uid ok as non-guest (user=pnmadm) [2005/08/24 14:59:52, 1, pid=7767] smbd/service.c:(636) boehm-1 (47.143.20.49) connect to service export as user pnmadm (uid=34344, gid=4794) (pid 7767) From 3.0.14a logs [2005/08/24 15:09:11, 3, pid=10515] libsmb/ntlmssp.c:(606) Got user=[pnmadm09] domain=[americase] workstation=[BOEHM-1] len1=24 len2=24 [2005/08/24 15:09:11, 3, pid=10515] lib/username.c:(173) Mapped user pnmadm09 to pnmadm [2005/08/24 15:09:11, 3, pid=10515] auth/auth.c:(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/08/24 15:09:11, 3, pid=10515] auth/auth.c:(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/08/24 15:09:11, 0, pid=10515] auth/auth_domain.c:(118) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine ZRTPD0PP. Error was : NT_STATUS_ACCESS_DENIED. [2005/08/24 15:09:11, 3, pid=10515] libsmb/cliconnect.c:(1406) Connecting to host=ZRTPD0PP [2005/08/24 15:09:11, 3, pid=10515] lib/util_sock.c:(752) Connecting to 47.140.205.113 at port 445 [2005/08/24 15:09:11, 3, pid=10515] rpc_client/cli_netlogon.c:(290) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2005/08/24 15:09:11, 0, pid=10515] auth/auth_domain.c:(118) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine ZRTPD0PP. Error was : NT_STATUS_ACCESS_DENIED. [2005/08/24 15:09:11, 3, pid=10515] libsmb/cliconnect.c:(1406) Connecting to host=ZRTPD0PP [2005/08/24 15:09:11, 3, pid=10515] lib/util_sock.c:(752) Connecting to 47.140.205.113 at port 445 [2005/08/24 15:09:11, 3, pid=10515] rpc_client/cli_netlogon.c:(290) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2005/08/24 15:09:11, 0, pid=10515] auth/auth_domain.c:(118) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine ZRTPD0PP. Error was : NT_STATUS_ACCESS_DENIED. [2005/08/24 15:09:11, 0, pid=10515] auth/auth_domain.c:(170) domain_client_validate: Domain password server not available. [2005/08/24 15:09:11, 2, pid=10515] auth/auth.c:(312) check_ntlm_password: Authentication for user [pnmadm09] - [pnmadm] FAILED wi th error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE [2005/08/24 15:09:21, 3, pid=105 -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Is anyone successfully using Solaris 8/Samba 3.0.x w/ads and OpenLDAP 2.1.22?
Has anyone had success getting OpenLDAP 2.1.22 to work with Samba and ADS. I can get 2.1.22 to work with Samba 3.0.x. If I try a newer version, it barfs when it calls ldap_set_option in function ads_do_search. I've tried with 3.0.14a and 3.0.20pre2. They changed how OpenLDAP interacts with Kerberos after 2.1.23. I did exchange some emails with the OpenLDAP developers. It wasn't much help -- they said that Kerberos access should go through Cyrus SASL. I have looked at http://samba.org/~jht/Notes/Samba-Install-Solaris9.txt But that refers to openldap-2.1.23. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba Server [Solaris 8] on Windows 2K/2003 [ADS] network
On Tue, Apr 26, 2005 at 06:11:15AM -0500, TimS wrote: Tim == TimS [EMAIL PROTECTED] writes: Christoph == Christoph Kaegi [EMAIL PROTECTED] Tim CHRISTOPH: I've never done that. How do you do it? Using ip aliases. See man ifconfig, see the section on logical interfaces. Briefly LOGICAL INTERFACES Solaris TCP/IP allows multiple logical interfaces to be associated with a physical network interface. This allows a single machine to be assigned multiple IP addresses, even though it may have only one network interface. Physical network interfaces have names of the form driver-name physical-unit-number, while logical interfaces have names of the form driver-name physical-unit-number:logical-unit-number. A physical interface is configured into the system using the plumb command. For example: Tim -Is it possible to Tim set up a test environment for the new Samba release in Tim another location on the same UNIX box? Eric Not sure what you mean here. Do you mean you want to Eric separate Samba installs on the same box? If so, you would Eric need at least two network interfaces. You can't run two Eric instances of Samba on the same interface/IP address. Christoph You don't need a second network interface, you can just Christoph define a second IPaddress on the same interface. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Server [Solaris 8] on Windows 2K/2003 [ADS] network
On Fri, Apr 22, 2005 at 08:22:14AM -0500, TimS wrote: Tim == TimS [EMAIL PROTECTED] writes: Tim ALL: Please forgive my ignorance. I am not just naive Tim regarding Samba..., or Solaris..., or UNIX, or Windows Tim Networking..., the naivity courses through my veins Tim abundantly in all IT related matters. :-) Tim Our work unit is the lone UNIX [Samba server 2.2 on Solaris Tim 8] installation on the organizational Windows WAN. None of Tim the analysts in our unit have domain admin rights. The sys Tim manager in our unit [my boss] has steadfastly refused to add Tim our UNIX [Samba] server to the windows domain. Tim Password synchronization has been a thorn in our side from Tim day one. A SSO solution is the ultimate, but from what I'm Tim reading, that isn't possible unless/until our Samba server is Tim added to the domain. Tim QUESTIONS: -Would upgrading to the lastest Samba release help Tim at all on this issue? -I don't see a binary available at the Tim Samba download site for Solaris 8. Our SysMgr could You just need Samba 3. Tim certainly do the upgrade without the binary, but I have not Tim ever done the make/build routine before. That could be tricky. I've built Samba 3 with kerberos and ldap and the various components needs for ADS but it is decidedly non-trivial. However, you don't need to use 'security = ads' to participate. You can use just 'security = domain' which would be a plain vanilla build. We have several servers participating in an ADS network with 'security=domain'. You would then be able to pass authentication through to the Windows domain controllers. Tim -Is it possible to Tim set up a test environment for the new Samba release in Tim another location on the same UNIX box? Not sure what you mean here. Do you mean you want to separate Samba installs on the same box? If so, you would need at least two network interfaces. You can't run two instances of Samba on the same interface/IP address. I hope this helps. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba Server [Solaris 8] on Windows 2K/2003 [ADS] network
On Fri, Apr 22, 2005 at 10:03:46AM -0500, TimS wrote: Tim == TimS [EMAIL PROTECTED] writes: ERIC: Tim Thanks for taking pity... :-) This is great news! I knew from Tim the reading I've done that the ADS features code was put into Tim Samba 3; but what I didn't pick up on is that it would work Tim whether the Samba server is on the Windows domain or not. Yes, you do have to create a machine account for the Samba server in the Windows domain in order for security = domain to work. However, Active Directory domain controllers will talk to the Samba server. You may have to have your domain admins check a box that says something like Allow pre-Windows 2000 authentication when they create the machine account. Tim Our Solaris box has two network adapters, one RJ-45 and one Tim fiber, but but we can only use the RJ-45 connection due to Tim the powers-that-be nixing our request to drop a line for the Tim fiber connection -- even though There is a vacant fiber Tim plug-in on the switch. Tim However..., we also have a Linux Box [RedHat 9] in our Tim unit. Couldn't we upgrade the Samba installation on it Tim [...come to think of it, one of our other guys just rebuilt Tim that box a few weeks ago, and I don't know for sure which Tim Samba release is on it now...] and do the testing there? You certainly could. BTW, I forgot to mention that you could also use Samba 2.2.8a in your environment if you couldn't find a binary for Samba 3. Samba 2.x can work in an ADS environment -- we're using 2.2.8a with a Native Active Directory environment. Tim Speaking of that, can you tell me off the top of your head Tim the quickest way to determine which Samba release is Tim currently running on the Linux box? /path/to/smbd -V -- e.g., /usr/local/samba/bin/smbd -V As a side note, I made a presentation about setting up Samba (including building it) with ClearCase. However, the material is applicable even if you aren't using ClearCase. You can find it at http://www-128.ibm.com/developerworks/rational/library/5769.html If you follow the link at the right hand side that says Related Presentation Files http://www-128.ibm.com/developerworks/rational/library/content/04August/3033/3033_SCM04.zip you can download the presentation and related templates and the web site that I developed and that the presentation is based on. Again, much of the material is applicable even if you aren't using ClearCase. You can browse the web files through the filesystem -- you don't need a web server. Any browser will work. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXP won't authenticate
On Thu, Feb 10, 2005 at 10:32:48AM -0600, Greene, Jason A [ITS] wrote: Jason == Greene, Jason A [ITS] Greene writes: Jason I tried setting Jason client spnego = yes Jason and Jason client signing = mandatory Jason in my global section and still no luck . . . Are the Windows XP client machine accounts configure to Allow Pre-Windows 2000 authentication or some option to that effect? -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] username map --update dynamically?
On Sun, Sep 12, 2004 at 06:18:25AM -0400, Christian Merrill wrote: Christian == Christian Merrill [EMAIL PROTECTED] writes: Christian My assumption is that that Samba needs to be restarted Christian before it can recognize changes made to a username map Christian file. Is there anyway to have it dynamically recognize Christian changes? That assumption is not entirely correct. New daemons will see the change immedidately. Already running daemons need a SIGHUP to reload From man smbd The configuration file, and any files that it includes, are automatically reloaded every minute, if they change. You can force a reload by sending a SIGHUP to the server. Reloading the configuration file will not affect connections to any service that is already established. Either the user will have to disconnect from the service, or smbd killed and res- tarted. This is true for 2.2.x and 3.0.x -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA and NFS
On Wed, Jul 07, 2004 at 01:23:37PM -0400, bastard operater wrote: BOFH1234 == bastard operater [EMAIL PROTECTED] writes: BOFH1234 Can samba connect to an NFS share and then re-export BOFH1234 that share so my windows XP users can connect to it? BOFH1234 Basically I have a NFS share that all of my windows XP BOFH1234 users need read-only access to. The goal of this BOFH1234 project is to replace an old MS Gateway Services for BOFH1234 Novell server (using IPX) with something that can do the BOFH1234 same thing but over IP. I am pretty sure Novell and AD BOFH1234 can share files using Native File Access, but that would BOFH1234 require the Novell admins to get CIFS setup on the BOFH1234 Novell side. The Novell server we are using has NFS BOFH1234 already setup and getting that much setup was like BOFH1234 pulling teeth. Samba can share any filesystem that the Samba server can see. Your performance will be degraded because you have the dual overhead of Samba and NFS, but you can share the filesystem. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA and NFS
On Wed, Jul 07, 2004 at 02:49:30PM -0400, bastard operater wrote: bastard == bastard operater [EMAIL PROTECTED] writes: bastard Thank you for the response. Would there still be a bastard performance problem if I had two NICs in the PC? One to bastard connect to the NFS share and the second NIC to connect to bastard the windows PCs? I am talking about a maximum of 20 bastard people connecting to the samba share with at most 5-6 bastard people passing data over the share. The samba server bastard would be a 2.2GHz PC with 512MB of RAM. I don't think that will help you. I am talking about the overhead of the two protocols. For example, if you were access files via NFS, you might see something like this client - NFS - NFS server and for samba client - SMB (CIFS) - Samba server However, in your example, client - SMB (CIFS) - Samba server - NFS - NFS server The client has to go through two network file systems to get to the data. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba and Rational ClearCase Tools
On Fri, May 28, 2004 at 04:59:05PM -0400, Sharpe, Annik A wrote: April == Sharpe, Annik A [EMAIL PROTECTED] writes: April Hello, We are using Samba to connect our ClearCase server April to the Windows environment. Our original configuration was April one server hosting all our VOBs and Views. We have Samba April configured to allow mapping of shares to our ClearCase April Windows Clients. Everything was working fine. Now we have April set up a second server to host all our Views separate from April the VOBs. So we have a View server and a separate VOB April separate. When we setup the View server we installed Samba April on that server, copied the config file from the original April setup to the new server and the only configuration change April made was in the Global parameters, the NetBios Name to be April the new server name. April We are able to map a network drive to our new server. We April are able to create a View on the UNIX server, region April synchronize on the Win Client side and mount a VOB. However April when we try to create a new file we get a window stating April Access Denied. If we try to check out an existing file we April get an Error checking out {filename}. Unable to update April view {viewname}: Permission Denied. Unable to check out April {filename}. April We are able to complete all these steps within the UNIX April environment, we are only having problems from the Windows April environment and so we are assuming it has to do with our April Samba configuration. This is usually caused by a permission problem. Did you copy username.map from the VOB server to the View server? What are the exact details in the view_log on the client? Is there anything in the error_log? What is the ALBD Account? Is there a corresponding UNIX account? Do you realize that performance of views through Samba will probably be 50-200+% worse than a local view? If you increase the Samba debug level to 3 and repeat the operation, what is in the Samba log? Do you have 'log file = /usr/local/samba/var/log.%m' in your smb.conf? This will make it easier to debug. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba for Rational Clearcase.
On Sat, May 22, 2004 at 02:12:27AM -0400, Shashidhar SR wrote: Shashidhar == Shashidhar [EMAIL PROTECTED] writes: Shashidhar Hello, Shashidhar I am Shashidhar SR Working for Siemens Communication Shashidhar Software in Bangalore, INDIA as a Configuration Shashidhar Manager for Clearcase. Shashidhar I need some help regarding the samba configuration at Shashidhar our site. Shashidhar First Let me Explain our Environment: Your question would be better answered on the ClearCase mailing list See http://www-136.ibm.com/developerworks/rational/ OR http://www-106.ibm.com/developerworks/forums/dw_forum.jsp?forum=333cat=24hideBody=true Shashidhar - We are Using samba 2.2.8a on Solaris 9. - We are Shashidhar using samba as an interop from Solaris 9 box to Shashidhar winnt/w2k/win-xp clients. - On Solaris we have Shashidhar installed IBM Rational Clearcase and we have around 20 Shashidhar VOBs created. Shashidhar Now we are successfully able to access the Shashidhar files/directories which are stored on unix from Shashidhar windows clients. Shashidhar Some times we get an error saying Incorrect function Shashidhar on the windows clients, when trying to access some Shashidhar .txt/.cpp/.h or any other text files. and this error Shashidhar is very sporadic, for some people it's works and for Shashidhar others it dosen't, eventhough the permissions are same Shashidhar for all the users. This is usually a permission problem related to the ALBD service account. It may also be due to a permission problem on the VOB storage directories. What does the view_log on the client say? What does the samba log for the client say? Do you have log file = /usr/local/samba/var/log.%m in your smb.conf file? This will make it easier to debug by creating a separate log file for each client. I've attached a text file with some initial troubleshooting steps you can follow. This file is extracted from some WEB pages I wrote about setting up and configuring Samba for ClearCase. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail text_file_delta error Unable to construct cleartext for object X in VOB Error: Type manager text_file_delta failed construct_version operation. This is probably the most common error to occur in an interop environment. The error is most likely due to a failure to map the ALBD service account to a valid UNIX™ account. The client may see this as the error message Incorrect Function.. The error text above will be logged in the view_log on the view server host. Steps to debug the problem 1. Identify the ALBD service account. There are several methods that can use used to find the account used to run the ALBD service. 1. Windows NT 4.0 1. Select Start - Settings - Control Panel - Services 2. Double Click on the Atria Location Broker service 3. Text Box This account contains the name of the ALBD service account. service. 2. Windows 2000/XP 1. Start - Run - services.msc OR Start - Settings - Control Panel - Administrative Tools - Services 2. Double Click on the Atria Location Broker service 3. Click on Log On Tab 4. Text Box This account contains the name of the ALBD service account. service. 3. All versions of Windows 1. Start - Run - regedit 2. Find key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Albd 3. Value ObjectName contains the name of the ALBD service account. 2. Does the ALBD service account have a corresponding UNIX™ account? 1. YES. Proceed to the next step 2. NO. Check to see if the Samba username.map file contains an entry to map the ALBD service account to a valid UNIX™ account that also has access to the VOB(s). See Configuring username.map config_username_map.html for information on how to set up this file. If username.map has been modified, new connections will pick up the changes. If you want to affect existing connections, you will need to do one of: 1. Send a HUP signal to all running smbd processes. This will cause the smbd processes to reread the configuration file. You must be root to send the signal. kill -HUP `smbstatus -p` 2.
Re: [Samba] Re: v3.0.X kerberos_verify sol8 compile problem
On Mon, Nov 24, 2003 at 12:49:07PM -0500, Patrick Hopp wrote: Patrick == Patrick Hopp [EMAIL PROTECTED] writes: I opened a bug on this. It is fixed in CVS. The bug number is 636 Patrick er... I ment gcc and Sun's cc.. Patrick Hopp Patrick [EMAIL PROTECTED] wrote in message Patrick news:[EMAIL PROTECTED] Having a problem getting v3.0.0(or pre3) to compile on a Solaris 8 box, tried Sun compilers and Solaris compilers.. Recompiled/Re-installed Kerberos all roads lead to the same error compiling Samba, it gets about Patrick 2/3 of the way done and spews... Compiling libads/kerberos_verify.c libads/kerberos_verify.c: In function `create_keytab': libads/kerberos_verify.c:77: structure has no member named `keyblock' *** Error code 1 make: Fatal error: Command failed for target `libads/kerberos_verify.o' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba Patrick -- To unsubscribe from this list go to the following URL Patrick and read the instructions: Patrick http://lists.samba.org/mailman/listinfo/samba -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 CVS 3.0.1pre2: libads/kerberos_verify.c, line 77: improper member use: keyblock
This has been submitted to https://bugzilla.samba.org/ as Bug 636 I'm trying to build Samba 3.0.0 CVS 3.0.1pre2 under Solaris 8 with MIT Kerberos 5 1.3.1 OpenLDAP 2.1.22 using the Sun Workshop 6U2 compiler Arguments to configure are: configured by ./configure, generated by GNU Autoconf 2.53, with options \'--with-readline' '--with-libiconv=/usr/local' '--with-ldap' '- -with-krb5=/usr/local/kerberos' '--with-ldapsam' '--with-automount' '--with-libs mbclient' '--with-acl-support' '--with-winbind' '--prefix=/usr/local' 'CC=cc' 'C FLAGS=-xarch=v9a' 'CPPFLAGS=-I/usr/local/include -I/usr/local/openldap/include - I/usr/local/sasl/include -I/usr/local/kerberos/include -I/usr/local/BerkeleyDB.4 .1/include -I/usr/local/openssl/include' 'LDFLAGS=-L/usr/local/lib/sparcv9 -L/us r/local/openldap/lib -L/usr/local/sasl/lib -L/usr/local/kerberos/lib -L/usr/loca l/BerkeleyDB.4.1/lib -L/usr/local/openssl/lib -R/usr/local/lib/sparcv9 -R/usr/lo cal/openldap/lib -R/usr/local/sasl/lib -R/usr/local/kerberos/lib -R/usr/local/Be rkeleyDB.4.1/lib -R/usr/local/openssl/lib'\ I get the following error trying to compile libads/kerberos_verify.c libads/kerberos_verify.c, line 77: improper member use: keyblock The relevant code below looks okay to me static krb5_error_code create_keytab(krb5_context context, krb5_principal host_princ, char *host_princ_s, krb5_data password, krb5_enctype *enctypes, krb5_keytab *keytab, char *keytab_name) { krb5_keytab_entry entry; krb5_kvno kvno = 1; krb5_error_code ret; krb5_keyblock *key; int i; [... lines deleted ...] entry.keyblock = *key; The problem is that the structure member name is key, not keyblock. From krb5.h typedef struct krb5_keytab_entry_st { krb5_magic magic; krb5_principal principal; /* principal of this key */ krb5_timestamp timestamp; /* time entry written to keytable */ krb5_kvno vno; /* key version number */ krb5_keyblock key; /* the secret key */ } krb5_keytab_entry; Here's a possible patch --- libads/kerberos_verify.c~ Tue Oct 14 13:28:27 2003 +++ libads/kerberos_verify.cThu Oct 16 08:37:20 2003 @@ -74,7 +74,7 @@ /* this will have to be detected in configure...heimdal calls it keyblock, MIT calls it key, but it does not matter we are creating keytabs with MIT */ - entry.keyblock = *key; + entry.key = *key; DEBUG(10,(adding keytab-entry for (%s) with encryption type (%d)\n, host_princ_s, enctypes[i])); -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] info required
On Thu, Sep 04, 2003 at 08:48:34PM +0530, Gowridhar wrote: Gowridhar == Gowridhar [EMAIL PROTECTED] writes: Gowridhar Hello, I am Gowridhar from indus RD Ltd. Gowridhar Is samba 2.2.8a will work in solaris8.0? Yes. Gowridhar If works is it compatable with clearcase? Yes. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help for finding 32-bit or 64-bit SAMBA
On Tue, Sep 02, 2003 at 03:51:20PM -0500, Madhavi Atluri wrote: Madhavi == Madhavi Atluri [EMAIL PROTECTED] writes: Madhavi Hi all, I have installed samba-2.2.8a on solaris 8 Madhavi machines, How can we check installed version is 32-bit or Madhavi 64-bit SAMBA. Run file /usr/local/samba/bin/smbd You should see something like /usr/local/samba/bin/smbd: ELF 64-bit MSB executable SPARCV9 Version 1, UltraSPARC1 Extensions Required, dynamically linked, not stripped If you see then it is 32-bit smbd: ELF 32-bit MSB executable SPARC32PLUS Version 1, V8+ Required, dynamically linked, not stripped -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] source code for samba-2.2.8a-1-sol8-suncc-64bit.pkg
On Tue, Sep 02, 2003 at 04:05:02PM -0500, Madhavi Atluri wrote: Madhavi == Madhavi Atluri [EMAIL PROTECTED] writes: Madhavi Hi all, Where could I get souce code for Madhavi samba-2.2.8a-1-sol8-suncc-64bit.pkg, I checked in Madhavi samba.org but I just found pacakage( Madhavi samba-2.2.8a-1-sol8-suncc-64bit.pkg). The source code is the same for all versions. You get 32-bit or 64-bit depending on the options you provide to the compiler. I've posted this before. Here's how you build a 64-bit samba The following assumes that the C compiler is in your PATH. A. For Bourne/Korn shells: 1. Sun's Forte compiler CC=cc CPPFLAGS='-D__EXTENSIONS__' CFLAGS='-xarch=v9a' \ ./configure args-to-configure 2. For gcc 3.x or better CC=gcc CPPFLAGS='-D__EXTENSIONS__' CFLAGS='-m64' \ ./configure args-to-configure B. For Csh and derivatives: 1. Sun's Forte compiler setenv CC cc setenv CPPFLAGS '-D__EXTENSIONS__' setenv CFLAGS '-xarch=v9a' ./configure args-to-configure 2. For gcc 3.x or better setenv CC gcc setenv CPPFLAGS '-D__EXTENSIONS__' setenv CFLAGS '-m64' ./configure args-to-configure -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ERROR! Out of file structures
On Thu, Jun 05, 2003 at 12:26:08PM +0200, [EMAIL PROTECTED] wrote: Frank == [EMAIL PROTECTED] writes: Frank Hi all, I'm using SAMBA 2.0.7 (okay rather old, but I have Frank to run it, because of support matrix reasons) on a HP-UX Frank 11.11 box (rp5470). From time to time I see the following Frank message: Frank ERROR! Out of file structures Frank Does anyone know how to get rid of this problem by setting Frank an appropriate parameter. Many thanks in advance. Set 'max open files' to a larger number. If you don't set it, the default is 1. However, on many systems it will be set to the lower of max open files or rlim_fd_max. Your best option would be to recompile Samba as a 64-bit application or upgraded to 2.2.8a. I posted a patch to samba-technical back in January 2001 that would allow you to set max open files to the *larger* of max open files or rlim_fd_max instead of the smaller of the two settings. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] BUG REPORT: change_trust_account_password works in 2.0.7,fails in 2.2.3a through 2.2.8
I posted an earlier message about change_trust_account_password failing. I have been able to reproduce the error with 2.2.3a 2.2.5 2.2.7a 2.2.8 I can't seem to get 2.2.1 to even attempt to change the machine account password, even with machine password timeout = 300 The log of the failure looks like this: [2003/04/01 12:34:11, 1, pid=28443] lib/debug.c:(258) INFO: Debug class all level = 1 (pid 28443 from pid 28443) [2003/04/01 12:34:12, 1, pid=28443] smbd/service.c:(651) boehm-1 (47.142.166.20) connect to service perl as user boehm (uid=20718, gid=2245) (pid 28443) [2003/04/01 12:34:12, 1, pid=28443] smbd/service.c:(651) boehm-1 (47.142.166.20) connect to service perl as user boehm (uid=20718, gid=2245) (pid 28443) [2003/04/01 12:35:12, 0, pid=28443] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/04/01 12:35:12, 0, pid=28443] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/04/01 12:35:12, 0, pid=28443] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/04/01 12:35:12, 0, pid=28443] rpc_client/cli_trust.c:(247) 2003/04/01 12:35:12 : change_trust_account_password: Failed to change password for domain AMERICASE. Increasing the debug level to 10 doesn't seem to impart any more useful information but I do have level 10 log of the problem (about 42K). I don't believe that there is anything wrong with my machine account. If I drop back to 2.0.7, I am able to successfully change my machine account. I have done so by setting 'machine password timeout = 300' and went through two successful changes of the machine account password. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.8 is failing on change machine account password
On Fri, Mar 28, 2003 at 10:00:47PM +1100, Andrew Bartlett wrote: Andrew == Andrew Bartlett [EMAIL PROTECTED] writes: Andrew On Fri, 2003-03-28 at 19:44, Hansjoerg Maurer wrote: Andrew If you run 'smbpasswd -t' it should do it on demand. That doesn't seem to work smbpasswd -t AMERICASE 2003/03/28 07:40:32 : change_trust_account_password: Failed to change password for domain AMERICASE. I do have a debug level 10 log of the attempt but there really isn't much more information in it. I really do think this might be a bug. If anyone has been able to get this to work, I would appreciate hearing about it. If there are other steps I can take to help debug/fix this, I am willing to take those steps. Doesn't this present a potential security issue if the machine password never changes? [2003/03/27 15:33:15, 5, pid=25400] lib/util.c:(291) smb_bcc=0 [2003/03/27 15:33:15, 6, pid=25400] lib/util_sock.c:(518) write_socket(10,39) [2003/03/27 15:33:15, 6, pid=25400] lib/util_sock.c:(521) write_socket(10,39) wrote 39 [2003/03/27 15:34:15, 3, pid=25400] smbd/sec_ctx.c:(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/03/27 15:34:15, 5, pid=25400] smbd/uid.c:(217) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/03/27 15:34:15, 10, pid=25400] smbd/process.c:(1137) timeout_processing: checking to see if machine account password need changing. [2003/03/27 15:34:15, 10, pid=25400] smbd/process.c:(1167) timeout_processing: machine account password last change time = (1046645657) Sun, 02 Mar 2003 17:54:17 EST. [2003/03/27 15:34:15, 0, pid=25400] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/03/27 15:34:15, 0, pid=25400] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/03/27 15:34:15, 0, pid=25400] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/03/27 15:34:15, 0, pid=25400] rpc_client/cli_trust.c:(248) 2003/03/27 15:34:15 : change_trust_account_password: Failed to change password for domain AMERICASE. [2003/03/27 15:34:20, 10, pid=25400] lib/util_sock.c:(559) got smb length of 35 [2003/03/27 15:34:20, 6, pid=25400] smbd/process.c:(845) got message type 0x0 of len 0x23 [2003/03/27 15:34:20, 3, pid=25400] smbd/process.c:(846) Transaction 15 of length 39 [2003/03/27 15:34:20, 5, pid=25400] lib/util.c:(275) size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=18439 -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.8 is failing on change machine account password
On Fri, Mar 28, 2003 at 11:50:34PM +1100, Andrew Bartlett wrote: Andrew == Andrew Bartlett [EMAIL PROTECTED] writes: Andrew If you run 'smbpasswd -t' it should do it on demand. Eric That doesn't seem to work Andrew I didn't say it would work, just that it would be easier Andrew to debug :-) True enough :-( Eric Doesn't this present a potential security issue if the machine Eric password never changes? Andrew Small - basically if the 'bad guy' can figure out the Andrew password by cryptographic or network brute force before Andrew you change it, yes. If he is listening on the connection Andrew always anyway, then they will observe the password change. Andrew In short - keep it secret, and it's not too bad. [2003/03/27 15:33:15, 5, pid=25400] lib/util.c:(291) smb_bcc=0 [2003/03/27 15:33:15, 6, pid=25400] lib/util_sock.c:(518) write_socket(10,39) [2003/03/27 15:33:15, 6, pid=25400] lib/util_sock.c:(521) write_socket(10,39) wrote 39 [2003/03/27 15:34:15, 3, pid=25400] smbd/sec_ctx.c:(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/03/27 15:34:15, 5, pid=25400] smbd/uid.c:(217) change_to_root_user: now uid=(0,0) gid=(0,0) [2003/03/27 15:34:15, 10, pid=25400] smbd/process.c:(1137) timeout_processing: checking to see if machine account password need changing. [2003/03/27 15:34:15, 10, pid=25400] smbd/process.c:(1167) timeout_processing: machine account password last change time = (1046645657) Sun, 02 Mar 2003 17:54:17 EST. [2003/03/27 15:34:15, 0, pid=25400] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. Andrew This certainly looks like an issue. Andrew Have you tried rejoining the domain? No, I was hoping to avoid that as I don't control the domain and don't have domain admin rights. I have to open a ticket and have the machine account refreshed or deleted/recreated -- that can take time. I have several servers I have to upgrade and rejoining the domain would complicate the process and make it take longer. I don't believe it was necessary to rejoin for 2.2.5. However, if you think that rejoining the domain is the next logical step in debugging this, I'll give it a try. Would it be best to have the account refreshed or deleted/recreated? Alternatively, would it be better to try earlier 2.2.x versions and use smbpasswd -t in an attempt to find out which version broke it? -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.8 is failing on change machine account password
I've noticed that a few systems that I've upgraded to Samba 2.2.8 are not able to change the machine account password. I have security = domain and I am seeing entries like this in the log. [2003/03/27 14:22:23, 1, pid=10302] smbd/service.c:(636) le21pai-1 (47.142.162.19) connect to service export as user wcitiadm (uid=201361, gid=4785) (pid 10302) [2003/03/27 14:22:24, 0, pid=10302] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/03/27 14:22:24, 0, pid=10302] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/03/27 14:22:24, 0, pid=10302] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/03/27 14:22:24, 0, pid=10302] rpc_client/cli_trust.c:(248) 2003/03/27 14:22:24 : change_trust_account_password: Failed to change password for domain AMERICASE. I've tried to debug this without much success. Any assistance in debugging this or resolving this would be appreciated. I am still able to access my shares but the machine account password is not changing as it should. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to build Samba 2.2.8 libsmbclient on HP-UX 11.00
Hello, I am having problems building Samba 2.2.8 on HP-UX 11.00. I am using the ANSI C compiler, /opt/ansic/bin/cc: LINT A.11.01.25171.GP CXREF A.11.01.25171.GP HP92453-01 A.11.01.25171.GP HP C Compiler $ Sep 8 2000 23:13:51 $ My configure line is CC=cc CFLAGS='+DA2.0W' ./configure --with-automount --with-libsmbclient --with-winbind I get the following errors Linking libsmbclient non-shared library bin/libsmbclient.a Linking libsmbclient shared library bin/libsmbclient.sl ld: (Warning) Cannot make undefined symbol ISSECURE symbolic. Symbol was refer enced from file /usr/lib/pa20_64/libsec.sl ld: Unsatisfied protected symbol ISSECURE in file libsmb/libsmbclient.po ld: Unsatisfied protected symbol ISSECURE in file lib/charcnv.po [deleted lines] ld: Unsatisfied protected symbol ISSECURE in file ubiqx/ubi_sLinkList.po ld: Unsatisfied protected symbol ISSECURE in file ubiqx/debugparse.po 1 warnings. 83 errors. make: *** [bin/libsmbclient.sl] Error 1 Any ideas? -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Unable to build Samba 2.2.8 libsmbclient on HP-UX 11.00
Hello, I am having problems building Samba 2.2.8 on HP-UX 11.00. I am using the ANSI C compiler, /opt/ansic/bin/cc: LINT A.11.01.25171.GP CXREF A.11.01.25171.GP HP92453-01 A.11.01.25171.GP HP C Compiler $ Sep 8 2000 23:13:51 $ My configure line is CC=cc CFLAGS='+DA2.0W' ./configure --with-automount --with-libsmbclient --with-winbind I get the following errors Linking libsmbclient non-shared library bin/libsmbclient.a Linking libsmbclient shared library bin/libsmbclient.sl ld: (Warning) Cannot make undefined symbol ISSECURE symbolic. Symbol was refer enced from file /usr/lib/pa20_64/libsec.sl ld: Unsatisfied protected symbol ISSECURE in file libsmb/libsmbclient.po ld: Unsatisfied protected symbol ISSECURE in file lib/charcnv.po [deleted lines] ld: Unsatisfied protected symbol ISSECURE in file ubiqx/ubi_sLinkList.po ld: Unsatisfied protected symbol ISSECURE in file ubiqx/debugparse.po 1 warnings. 83 errors. make: *** [bin/libsmbclient.sl] Error 1 Any ideas? -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail
Re: [Samba] Accesing shares from ClearCase
On Mon, Feb 24, 2003 at 04:45:04PM +0100, Carlos Moro Garrido wrote: Carlos == Carlos Moro Garrido [EMAIL PROTECTED] writes: Carlos Hi all, Carlos Just a novice in this world of Samba. I got a Carlos question, probably too simple. No problem to access share Carlos file systems and mount ClearCase vobs. Log shows access Carlos granted to NT userid belonging to the right UNIX group. Carlos Then, editing a file ( using a view thru Explorer), Carlos log shows another non authenticate user called Carlos clearcase_albd trying to be validated. I guess due to Carlos that, mvfs errors pop up You would be better off asking this question on the CCIUG mailing list ([EMAIL PROTECTED]). However, this is a very common error with Samba and ClearCase. I'll assume that you are also getting a text_file_delta error message about being unable to construct cleartext version. If so, the problem is likely that the account running the ALBD service on the PC (clearcase_albd) is not mapped to a valid UNIX user. We usually map this account with /usr/local/samba/lib/username.map (or wherever you have Samba installed) with an entry unix vob owner = clearcase_albd If your account is something other than clearcase_albd, you'll have to change the entry accordingly. Once you make this change, it is not necessary to stop and restart Samba. New connections will pick up the mapping automatically. If this doesn't solve your problem, we'll need more information about the exact error messages -- and this problem would be more relevant on the CCIUG mailing list than the Samba mailing list. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
How do I enable groupname map functionality?
I can see code in Samba 2.2.7a in source/smbd/groupname.c to do groupname map functionality. I see #ifdef USING_GROUPNAME_MAP but I don't see any option to configure to enable this. Is this feature available or is it still under development. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail
Re: [Samba] Running Samba twice
On Mon, Jan 13, 2003 at 07:50:31PM +0100, Gerd-Christian Michalke wrote: Marian == Marian Mlcoch, Ing [EMAIL PROTECTED] writes: Tom == [EMAIL PROTECTED] writes: Gerd == Gerd-Christian Michalke [EMAIL PROTECTED] writes: Marian You must set path to pid files in your confs diferent.See Marian conf help to do. Tom Thankyou very much. Tom Still doesn't work tho. Tom Now I get Tom bind failed on port 139 socket_addr = 0.0.0.0 Error = Address Tom already in use. Tom It sholdn'#t be trying to bind to 0.0.0.0 Tom Am I missing something? Gerd Here some tips which might help you further : Gerd - you must start twice the daemons, but under different Gerd names (say, you'd make a copy of smbd and call them smbd1 Gerd and smbd2) - those copies should also use different smb.conf Gerd files, in which you would define different interfaces and Gerd bind interface only parameters - also define different pids Gerd and different log directories in those two smb.conf - also, Gerd you need two different IP adresses, which you may use IP Gerd aliases I posted detailed instructions on how to run multiple smbd/nmbd daemons (almost a year ago). You might take a look at: http://marc.theaimsgroup.com/?t=10130473722r=1w=2 -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On Mon, Dec 16, 2002 at 10:46:23AM +1100, Simeonidis, Steve wrote: Steve == Simeonidis, Steve [EMAIL PROTECTED] writes: Steve Sorry Eric, I'm talking about Windows DOMAIN/WORKGROUPS One Steve interface will have a different Domain to the other Steve eg. eth0 Domain - DomainA eth1 Domain - DomainB Steve I was just wondering if nmbd will work properly. I believe that it should as long as you are running a separate smbd/nmbd on each interface. Eric What kind of domain do you mean? A Windows domain or a DNS Eric domain? If its a DNS domain, I don't think it matters. If Eric it is a Windows domain, I am not sure. Eric I'm not sure I understand the question. In the link for the Eric thread I sent you Eric http://marc.theaimsgroup.com/?t=10130473722r=1w=2 -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On Thu, Dec 12, 2002 at 11:16:39PM +1100, Simeonidis, Steve wrote: Steve == Simeonidis, Steve [EMAIL PROTECTED] writes: Steve Thanks for that, I'll give it a go! Will nmbd work Steve properly if one interface belongs to a different domain Steve than the other? What kind of domain do you mean? A Windows domain or a DNS domain? If its a DNS domain, I don't think it matters. If it is a Windows domain, I am not sure. I'm not sure I understand the question. In the link for the thread I sent you http://marc.theaimsgroup.com/?t=10130473722r=1w=2 The examples I provide run a separate smbd *and* nmbd for each interface. BTW, I built 2.2.5 and it only binds to one interface for me if I just specify interfaces = 192.168.1.1/24 even if bind interfaces only = yes is commented out. Steve Will it get mixed up? -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On Wed, Dec 11, 2002 at 12:52:31PM +1100, Simeonidis, Steve wrote: Steve == Simeonidis, Steve [EMAIL PROTECTED] writes: Steve I've tried the bind interfaces only = yes but still the Steve same netstat gives the same results. Hmmm. That's odd. Maybe we need to see the rest of your smb.conf. I have samba running on my firewall (Red Hat 7.2) at home and it is restricted to the internal interface. netstat -an | grep 137 returns udp0 0 192.168.1.1:137 0.0.0.0:* udp0 0 0.0.0.0:137 0.0.0.0:* unix 2 [ ] DGRAM1372 Here are all my interfaces ifconfig -a eth0 Link encap:Ethernet HWaddr 00:80:C6:F7:8E:0C inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 EtherTalk Phase 2 addr:65280/100 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:92588 errors:0 dropped:0 overruns:0 frame:0 TX packets:90112 errors:1 dropped:0 overruns:0 carrier:1 collisions:0 RX bytes:59279583 (56.5 Mb) TX bytes:35587352 (33.9 Mb) eth1 Link encap:Ethernet HWaddr 00:01:02:2E:D3:C0 inet addr:X.X.X.X Bcast:255.255.255.255 Mask:255.255.252.0 EtherTalk Phase 2 addr:65280/200 UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1 RX packets:2180771 errors:0 dropped:0 overruns:0 frame:0 TX packets:84308 errors:0 dropped:0 overruns:0 carrier:1 collisions:833 RX bytes:161348660 (153.8 Mb) TX bytes:58081125 (55.3 Mb) gre0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:1476 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 EtherTalk Phase 2 addr:0/0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:605 errors:0 dropped:0 overruns:0 frame:0 TX packets:605 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 RX bytes:99629 (97.2 Kb) TX bytes:99629 (97.2 Kb) And here's my smb.conf (I've deleted the shares for brevity) # Global parameters [global] security = server encrypt passwords = yes workgroup = BOEHM netbios name = ARACHNE server string = Samba Server interfaces = 192.168.1.1/24 #bind interfaces only = Yes log file = /var/log/samba/log.%m #max log size = 50 max open files = 1014 #debug level = 3 socket options = TCP_NODELAY dns proxy = No wins support = true hosts allow = 192.168.1. os level = 65 domain master = yes Well, I thought I had bind interfaces only = Yes but it is commented out. I commented out the interfaces lines and restarted Samba. Now netstat -an | grep 137 udp0 0 192.168.1.1:137 0.0.0.0:* udp0 0 X.X.X.X:137 0.0.0.0:* udp0 0 0.0.0.0:137 0.0.0.0:* shows 2 interfaces. This is version 2.2.1a. I also shut down the firewall software (netfilter) temporarily to see if it was causing Samba to be restricted to one interface, but that wasn't the case. I'll try building 2.2.5 later and see if it makes a difference. Steve What I'm really trying to do and why I need this is because Steve I want to run 2 instances of SAMBA, a different one on each Steve interface. That's a different problem. I think I posted a message on this before. I'll try to find it and send you the reference. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On Wed, Dec 11, 2002 at 08:19:12AM -0500, Boehm, Eric [NCRTP:C28D:EXCH] wrote: Eric == Boehm, Eric [NCRTP:C28D:EXCH] Boehm writes: Steve == Simeonidis, Steve [EMAIL PROTECTED] Steve What I'm really trying to do and why I need this is because Steve I want to run 2 instances of SAMBA, a different one on each Steve interface. Eric That's a different problem. I think I posted a message on Eric this before. I'll try to find it and send you the Eric reference. Here's the reference for the question I responded to on 2/7/2002. My suggestions worked for the person asking the question. http://marc.theaimsgroup.com/?t=10130473722r=1w=2 -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On Tue, Dec 10, 2002 at 07:25:07AM -0500, Joel Hammer wrote: Joel == Joel Hammer [EMAIL PROTECTED] writes: Joel Just having a senior moment here, but, I recall vaguely that Joel samba will listening on all NIC's but ignores the ones you Joel tell it to ignore with. Yes, samba will listen on all interfaces. The problem is that Steve hasn't specified all the parameters necessary to restrict Samba to one interface. Try something like the following: interfaces = 192.168.6.10/24 127.0.0.1/8 bind interfaces only = yes You will want to include the loopback interfaces Check the sections in man smb.conf regarding these two directives. You need to include the loopback interface in the interfaces list or smbpasswd and swat will not work. Steve Hi everyone, Steve samba 2.2.5 The server I'm using has 2 interfaces so using Steve the interface parameter I'm telling samba to use eth0 but Steve for some reason when I do netstat it is listening on eth1 Steve interface = eth0 (the IP is 192.168.6.10) Steve netstat -an udp 0 0 138.79.161.225:137 0.0.0.0:* udp 0 0 Steve 0.0.0.0:137 0.0.0.0:* udp 0 0 138.79.161.225:138 0.0.0.0:* Steve 138.79.161.225 is the IP of eth1!??! Steve I've also tried interface = 192.168.6.10/24 Steve Any ideas?? -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using the right network interface
On Tue, Dec 10, 2002 at 04:55:49PM +0100, Holger Krull wrote: Holger == Holger Krull [EMAIL PROTECTED] writes: You will want to include the loopback interfaces Check the sections in man smb.conf regarding these two directives. You need to include the loopback interface in the interfaces list or smbpasswd and swat will not work. Holger Hi, Holger are you sure about the loopback interface? I have Holger interfaces eth0:0 bind interfaces only = yes in smb.conf Holger and no problems with smbpasswd and swat so far. Other Holger problems remain, though. I am just going by the instructions. I've never tried it without the loopback interface. From the man page: If bind interfaces only is set then unless the network address 127.0.0.1 is added to the interfaces parameter list smbpasswd(8) and swat(8)may not work as expected due to the reasons covered below. To change a users SMB password, the smbpasswd by default connects to the localhost - 127.0.0.1 address as an SMB client to issue the password change request. If bind interfaces only is set then unless the network address 127.0.0.1 is added to the interfaces parameter list then smbpasswd will fail to connect in it's default mode. smbpasswd can be forced to use the pri- mary IP interface of the local host by using its -r remote machine parameter, with remote machine set to the IP name of the primary interface of the local host. The swat status page tries to connect with smbd and nmbd at the address 127.0.0.1 to determine if they are running. Not adding 127.0.0.1 will cause smbd and nmbd to always show not running even if they really are. Thiscanprevent swatfrom starting/stopping/restarting smbd and nmbd. Default: bind interfaces only = no -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: PR #s 25271, 25273, 25445 security=domain does not work onSolaris
On Mon, Sep 09, 2002 at 11:36:51AM -0400, David Collier-Brown wrote: David == David Collier-Brown [EMAIL PROTECTED] writes: Tim == Tim Allen [EMAIL PROTECTED] writes: Tim I have posted to this group in the past and been told that Tim the behavior I'm seeing is not correct. My main file server Tim (Samba/Linux) does not behave this way (similar smb.conf). Tim And the symptom was: I have posted to the user groups and Tim think I have found a bug. Our RHL6.2 box running samba 2.0.6 Tim is a member of our NT domain. An NT user (say jbloggs) cannot Tim browse the unix/samba box unless there is a corresponding Tim unix user (jbloggs) on the unix box; this is the expected Tim (and correct??!) behavior. We have added samba 2.2.2 to one Tim of our Sun boxes (Solaris 8) and now we appear to have to add Tim users to the smbusers file in addition to (or instead of) Tim just having a corresponding unix user. I will supply further Tim information (smb.conf, log files, whatever) as requested. David You normally need a Unix user, but if you wish to use David the NT form of encrypted passwords, you also have to have David an entry for the user in the smbpasswd file. As David security=domain requires encrypted passwords, I'm afraid David you're stuck with it! Are you sure about this? I've been running 2.0.7 for a couple of years with security = domain and I don't need to create an smbusers file. The only time I run into problems is if the Windows user does not have a UNIX account. As long as the userid exists in the Windows domain and NIS domain, it works fine (with encrypted passwords). I am also running 2.2.5 with the same configuration. It might be worthwhile to see Tim's smb.conf or a level 3 or level 5 log of a failed access. Here's the relevant portion of mine workgroup = AMERICASE security = domain password server= ZRTPD01T ZRTPD0P0 NRTPDE11 # wins server= 47.156.160.179 encrypt passwords = yes -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail
Re: How do I compile 64 bit Samba on Solaris 8?
On Tue, Jul 30, 2002 at 03:38:59PM -0700, Dennis, David M. wrote: Dave == Dennis, David M [EMAIL PROTECTED] writes: Dave Regarding compiling on solaris: 1) make sure the environment Dave variable CC is set to the proper compiler. If gcc then $CC Dave needs 'gcc' and if Forte on Sun then $CC=cc . Dave 2) ensure the proper paths, the Sun Companion CD puts gcc in Dave /opt/sfw/bin/gcc . Dave 3) LD_LIBRARY_PATH must include non-standard Solaris libs, Dave /usr/local/lib is NOT standard on Solaris. Might be best to unset LD_LIBRARY_PATH Dave 4) If you have Forte your PATH should be something like Dave /opt/SUNWspro/bin ahead of everything, and /opt/sfw/bin or Dave /usr/local/bin last . LD_LIBRARY_PATH should likewise have Dave /opt/SUNWspro/lib ahead of everything else. Dave There was also just recently a patch posted for smbwrapper Dave for samba, if your compile is failing with that email me and Dave I'll send it along. Dave Hope that helps, anyone feel free to add corrections to the Dave above, I am still learning these myself! John I haven't found any docs on how to do this. Can someone John point me in the right direction? I've got Forte compiler 6.2 John and the sun linker and assembler in my path, but not gcc. Is John it an option I give to configure? Do I have to use gcc? I believe I've posted instructions on this several times in the past. Assuming that you have cc in your PATH and the CC=cc A. For Bourne/Korn Shells 1. For Sun's Forte compiler CC=cc CPPFLAGS='-D__EXTENSIONS__' CFLAGS='-xarch=v9a' \ ./configure args-to-configure 2. For gcc 3.x or better CC=gcc CPPFLAGS='-D__EXTENSIONS__' CFLAGS='-m64' \ ./configure args-to-configure B. For Csh and derivatives 1. For Sun's Forte compiler setenv CC cc \ setenv CPPFLAGS '-D__EXTENSIONS__' \ setenv CFLAGS '-xarch=v9a' \ ./configure args-to-configure 2. For gcc 3.x or better setenv CC gcc\ setenv CPPFLAGS '-D__EXTENSIONS__' \ setenv CFLAGS '-m64' \ ./configure args-to-configure The CPPFLAGS='-D__EXTENSIONS__' is necessary because configure doesn't (yet) include crypt.h and crypt gets the wrong prototype in a 64-bit application, leading to a SIGSEGV in swat If you experience difficulties linking some shared objects, it's because the definition of SHLD doesn't include CFLAGS. The workaround is make SHLD='${CC} ${CFLAGS}' when building Samba You could also use '-xarch=v9' or 'xarch=v9b' for UltraSparc III or '-xarch=native64' instead of '-xarch=v9a' -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail
Re: compile samba-2.2.4 on Solaris 7
On Mon, Jun 03, 2002 at 03:31:10PM -0500, Gerald Carter wrote: Jerry == Gerald Carter [EMAIL PROTECTED] writes: Eric On Thu, 30 May 2002, Eric Boehm wrote: I've seen the Eric following behavior on Solaris 8. Eric 1. compiling 32-bit with Sun Workshop, configure checks for Eric and finds readdir64... yes dirent64... yes Eric 2. compiling 32-bit with Sun Workshop, configure checks for Eric and finds readdir64... no dirent64... yes Jerry Do you mean 64-bit here for #2? Yes, I mean 64-bit. cut-and-paste too quickly, sorry. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail
[Samba] Samba 2.2.5-pre and --with-winbind is not handling passwords properly
I am seeing some rather strange behavior with SAMBA_2_2 (update from CVS, 05/29 12:30 EDT) If I build with ./configure --with-automount --with-pam --with-libsmbclient --with-acl-support then /usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm Password: password or /usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm%password works fine. If I build with ./configure --with-automount --with-pam --with-libsmbclient \ --with-acl-support --with-winbind then /usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm%password or export USER=boehm%password /usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase work. However, /usr/local/samba/bin/smbclient -d 10 -L wnc0s00u -W americase -U boehm Password: password fails with session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) The log file says [2002/05/29 13:36:28, 0, pid=8803] rpc_client/cli_netlogon.c:(406) cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD [2002/05/29 13:36:28, 0, pid=8803] smbd/password.c:(1605) domain_client_validate: unable to validate password for user BOEHM in domain AMERICASE to Domain controller PCNTRTP01. Error was NT_STATUS_WRONG_PASSWORD. I know I am not mistyping the password because I am using the mouse to paste it in. I have level 10 logs of -U user%password vs -U user when compiled with --with-winbind but it is 6000+ lines of text. I can upload it if desired. My smb.conf looks like smb.conf: # Global parameters client code page = 437 # Samba requests 1 but Solaris has only 1014 to spare #max open files = 1014 comment = Samba %v server share modes = yes getwd cache = yes browseable = yes load printers = no local master = no log file = /usr/local/samba/var/log.%m username map = /usr/local/samba/lib/username.map debug pid = yes dead time = 30 debug level = 1 socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768 include = /usr/local/samba/lib/smb.conf.global.%h include = /usr/local/samba/lib/smb.conf.shares.%h smb.conf.global.wnc0s00u: # if security = domain, then password server = * and workgroup is the # domain of the machine account resource domain workgroup = PCNTRTP security = domain password server = PCNTRTP01, ZRTPD0P0, PCNTRTP02 # password server = * # if security = server, then password server = PDC, BDC ... # where PDC and BDC are primary and backup domain controllers of # the user account resource domain # workgroup = americase # security = server # password server = ZRTPD01T, NRTPDE11, NRTPDE10, NRTPI915, PCNTRTP01, PCNTRTP02 wins server = 47.156.160.179 encrypt passwords = yes server string = Test Samba server %h (%L), Samba interfaces = 47.142.164.249/22 #shared mem size = 4194304 #netbios aliases = alias1 alias2 #winbind separator = + #winbind uid = 8-9 #winbind gid = 8-9 #winbind enum users = yes #winbind enum groups = yes #template homedir = /home/%U #template shell = /usr/bin/ksh -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba